Cross-Site Scripting Flaw in Red Hat Advanced Cluster Security Portal
CVE-2022-4975

8.9HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Advanced Cluster Security 3
Vendor: CVE Published:; 27 January 2025

Summary

An XSS vulnerability exists in the Red Hat Advanced Cluster Security portal. When rendering the table view, the portal populates a DOM table element with unsanitized data using innerHTML. This flaw can potentially allow attackers with some control over the rendered data to inject malicious scripts, leading to unauthorized access and data manipulation.

References

https://access.redhat.com/security/cve/CVE-2022-4975

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2071527

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

8.9

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Jan 20, 2025

Credit

Red Hat would like to thank Oscar Arnflo for reporting this issue.